Developing: New Adventures in SQL Injection Attacks

It appears that for the past few days there has been a developing issue, originating from various locations in China, that we (security researchers) are still piecing together.

Over at the SANS Internet Storm Center, John Bambenek has posted a daily handler’s diary entry (and has already provided at least one update at this hour) explaining that they have had reports of a possible SQL worm, involving a set of domains, JavaScript, and URLs that first appeared on our threat radar on Monday morning (5 May 2008).

Trend Micro has already proactively blocked access to these malicious domains and URLs (and the associated malicious “back-channel” background activity) while we push out a pattern update for detection of the malicious files and JavaScript.

That is the strength of hybrid Web Threat Protection (WTP): by blocking the domains and URLs the injected script is loaded from, we break the infection chain and shrink the “time-to-exploit” window immediately, without waiting for the file-level pattern update.
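As an added example (not code from the original post or from Trend Micro), the following Python scanner illustrates the same infection-chain idea from the defender's side: it pulls `<script src>` references out of page HTML, or out of text pulled from a database column, without executing anything, resolves each reference against the page's own origin, and flags those that point at third-party or blocklisted hosts. The blocklist entries, page URL, sample HTML and sample rows are constructed placeholders, not the domains involved in this incident; the assumption that the injected markup may also sit in stored text columns is mine, inferred from the "SQL worm" description.

```python
"""
Detect injected <script src=...> tags in HTML pages or stored text and
classify each referenced host.  Uses only the standard library and never
executes the script, so it is safe to run over content from compromised sites.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed placeholder blocklist (hypothetical hosts, not the real ones).
BLOCKLIST = {"evil-script.example", "bad-cdn.example.net"}


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> start tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "script":
            for name, value in attrs:
                if name == "src" and value:
                    self.srcs.append(value)


def script_sources(text):
    """Return every <script src> value found in an HTML document or fragment."""
    parser = ScriptSrcCollector()
    parser.feed(text)
    parser.close()
    return parser.srcs


def classify(src, page_url, blocklist=BLOCKLIST):
    """Classify one script reference relative to the page that carries it."""
    host = (urlsplit(urljoin(page_url, src)).hostname or "").lower()
    page_host = (urlsplit(page_url).hostname or "").lower()
    # Match the host itself or any subdomain of a blocklisted domain.
    if host in blocklist or any(host.endswith("." + b) for b in blocklist):
        return "blocklisted"
    if host == page_host:
        return "same-origin"
    return "external"


def scan(text, page_url, blocklist=BLOCKLIST):
    """Return (src, classification) for every script reference in the text."""
    return [(src, classify(src, page_url, blocklist)) for src in script_sources(text)]


def injected_rows(values, page_url, blocklist=BLOCKLIST):
    """Return (row_index, findings) for stored text values that carry a
    <script src> tag, e.g. rows read from user-visible text columns."""
    hits = []
    for index, value in enumerate(values):
        findings = scan(value, page_url, blocklist)
        if findings:
            hits.append((index, findings))
    return hits


# Constructed sample input: a page with a legitimate local script, an
# injected blocklisted script, and an ordinary third-party include.
SAMPLE_PAGE_URL = "http://www.victim-site.example/news.asp"
SAMPLE_HTML = """<html><head><title>News</title>
<script src="/js/site.js"></script>
</head><body><p>Story text</p>
<script src="http://evil-script.example/b.js"></script>
<script src="http://static.partner.example/lib.js"></script>
</body></html>"""

# Constructed sample column values: one clean, one carrying injected markup.
SAMPLE_ROWS = [
    "Spring sale starts Monday",
    'Board meeting minutes</title><script src="http://evil-script.example/b.js"></script>',
]

if __name__ == "__main__":
    for src, verdict in scan(SAMPLE_HTML, SAMPLE_PAGE_URL):
        print(f"{verdict:12s} {src}")
    for index, findings in injected_rows(SAMPLE_ROWS, SAMPLE_PAGE_URL):
        print(f"row {index}: {findings}")
```

An "external" verdict is not proof of compromise (sites legitimately include third-party scripts), but in an incident like this one every script reference that is neither same-origin nor on a known-good list deserves a look, and a "blocklisted" verdict in stored content means the database itself, not just the rendered page, needs cleaning.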

Please be assured that we are burning the midnight oil on these issues and will update this blog post as more details become clear. For now, please refer to the SANS ISC Daily Handler’s Diary for details; we will post more as this developing incident unfolds.

One further note: While the number of affected sites is only in the ~4,000 to ~5,000 range (still not small!), some very high-profile Web sites appear to have been compromised in this attack.

PLEASE DO NOT GO SEARCHING FOR WEB SITE COMPROMISES. In this particular case, simply loading a compromised page in a browser runs the injected script, so if you are not adequately prepared and protected, you can become a victim of your own curiosity.
